SSH Connection Refused on Newly Joined AFF-A50 | NetApp | Page 1

cosmic forum Mar 27, 2026, 12:56 AM

#

Hey folks, a peer of mine just joined an A50 to their cluster running 9.16. We can't SSH to the e0M interfaces on these new nodes, but we can SSH to all the other nodes. We've confirmed the attached service-policy permits SSH, and we've confirmed SSH is permittd from the source address. In fact, theres no policy denying SSH from a specific source network. Additionally, we deleted the LIF and recreated it to no avail.

We appreciate any suggestions.

obsidian flume Mar 27, 2026, 6:51 AM

#

I had sometimes the same after rebooting the SP from the affected node it worked again

severe granite Mar 27, 2026, 8:46 AM

#

Just to be clear you can setup e0M inside the cluster and SSH to it, and you can setup the SP with another IP and reach that over the same physical port. Either way I would try to create a test user with the correct roles (security login create -user test -application ssh) will allow you to login to the cluster, and (-application service-processor) will allow you into the service-processor... This creation should propergate into the SP... and if it's just the SP you cannot contact, try a reboot (service-processor reboot-sp)

nimble sail Mar 27, 2026, 8:53 AM

#

sounds like a network issue. Please make sure that you can SSH to the SP (which is also behind the e0M port). If that also doesn't work, check the switchport's network config (maybe it's a trunk port instead of an access port)

warped ore Mar 27, 2026, 10:56 AM

#

Just curious.
What’s the output of

network port reachability show -port e0M -fields reachability-status , reachable-broadcast-domains, expected-broadcast-domain

hoary falcon Apr 10, 2026, 11:32 AM

#

@cosmic forum Is the ssh fails for the BMC/SP too?
Or the ssh fails only to the new nodes node-mgmt lifs and cluster-lif when it hosted on the new nodes.

If ssh to SP/BMC works and it fails only for the node management lifs then might be problem with erroneous sshd config file

slate venture Apr 10, 2026, 2:11 PM

#

The SP has its own default gateway. If you are connecting from a different network segment, make sure the default gateway is correct.

warped ore Apr 10, 2026, 3:57 PM

#

Still want to see the “network port reachability” results

nimble sail Apr 10, 2026, 4:26 PM

#

these do not necessarily indicate issues.. I have seen cases where the port reachability said "no reachability" although everything was fine, and also the other way round. I wouldn't trust the output of that command

warped ore Apr 10, 2026, 7:00 PM

#

Agreed. Bit of all the other ports are ok and the new ones are not, could still be a finding

#SSH Connection Refused on Newly Joined AFF-A50